On Thu, Feb 10, 2022 at 10:27:32PM +0000, Eric Wilkison wrote:
> header_checks:
> /^X-Forefront-Antispam-Report:.*SFV:(SPM|SKS|SKB).*to=<.*@ms2019.mobility-lab.com>/
> WARNÂ It's working
You're expecting recipient information to be present in the header text.
> Feb 10 15:48:21 relay1 postfix/cleanup[6626]: C680C628D87E: warning: header
> X-Forefront-Antispam-Report:??CIP:144.188.130.206;CTRY:US;LANG:en;SCL:7;SRV:;IPV:NLI;SFV:SPM;H:relay2.mobility-lab.com;PTR:lab-144-188-130-206.reverse.mobility-lab.com;CAT:HSPM;SFS:(13230001)(218001);
> from mail-dm6nam11lp2177.outbound.protection.outlook.com[104.47.57.177];
> from=<test...@ms2016.mobility-lab.com> to=<er...@ms2019.mobility-lab.com>
> proto=ESMTP helo=<NAM11-DM6-obe.outbound.protection.outlook.com>: fall
> through rule match
However, the header consists of only:
> X-Forefront-Antispam-Report:??CIP:144.188.130.206;CTRY:US;LANG:en;SCL:7;SRV:;IPV:NLI;SFV:SPM;H:relay2.mobility-lab.com;PTR:lab-144-188-130-206.reverse.mobility-lab.com;CAT:HSPM;SFS:(13230001)(218001)
The remaining text in the log entry is *not* part of the header, it is
message metadata that Postfix logs as additional context:
* Client name and IP:
> from mail-dm6nam11lp2177.outbound.protection.outlook.com[104.47.57.177]
Envelope sender:
> from=<test...@ms2016.mobility-lab.com>
Envelope recipient (when only one present):
> to=<er...@ms2019.mobility-lab.com>
EHLO/HELO protocol
> proto=ESMTP helo=<NAM11-DM6-obe.outbound.protection.outlook.com>
Rule RHS:
> fall through rule match
--
Viktor.
